<?php
require_once('mysql_connect.php');
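// Admin-only page: a visitor without the admin flag in the session is sent to
// the login page, and exit() stops the script so none of the upload handling
// below runs for them.
// isset() keeps a missing flag from raising an undefined-index notice; the
// loose comparison is kept so a flag stored as 1 or "1" is still accepted.
// NOTE(review): no session_start() is visible in this file. Presumably
// mysql_connect.php starts the session; confirm, otherwise $_SESSION is never
// populated and this gate always redirects.
if (!isset($_SESSION['admin']) || $_SESSION['admin'] != 1){
	header("Location:login.php");
	exit();
}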

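// Section label; presumably read by the included top.php (confirm there).
$loc ="admin";

// Movie id the uploaded picture is attached to. It may arrive in the POST body
// (the hidden form field) or in the query string; as before, a valid GET value
// wins over a POST value because it is examined last.
// Only plain digit strings are accepted and the value is cast to int.
// is_numeric() also lets through forms such as "1e3", "1.5" or " 7", which are
// not row ids and would be copied verbatim into SQL and the redirect URL.
// $goid is always defined afterwards (null when no valid id was supplied).
$goid = null;
foreach (array($_POST, $_GET) as $params){
	if (isset($params['goid']) && is_string($params['goid']) && ctype_digit($params['goid'])){
		$goid = (int) $params['goid'];
	}
}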
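// Handles the picture upload posted by the form below.
// Flow: validate the request -> insert a row into `picture` -> store the file
// as pics/<row id>.<ext> -> redirect back to addmovie.php. On any failure
// $valmes is set to an HTML error message that the form prints.
//
// Security-relevant points:
//  * The stored file name is built from the database id plus an allow-listed
//    extension; the client-supplied name is never used as a path.
//  * The extension is the part after the LAST dot (pathinfo), so "a.b.jpg" is
//    judged on "jpg" and a name without a dot no longer reads a missing index.
//  * An extension alone says nothing about content, so getimagesize() must
//    also recognise the file as GIF, JPEG or PNG.
//  * The movie id must be a plain integer before it is placed in the query.
// NOTE(review): no anti-CSRF token is checked on this state-changing POST.
// NOTE(review): the mysql_* API is removed in PHP 7+; the connection is opened
// in mysql_connect.php, so migrating to mysqli/PDO has to start there.
if (isset($_POST['submit'])){
	$uploadfailed = "<FONT COLOR='red' size=-1 face='Verdana'>Their was an error uploading, please try again</FONT>";
	$badtype = "<FONT COLOR='red' size=-1 face='Verdana'>Our server only accepts .png, .jpg and .gif files.</FONT>";

	$upload = isset($_FILES['upload']) ? $_FILES['upload'] : null;
	// Reject a missing or non-integer id instead of building "VALUES(, ...)".
	$movieid = (isset($goid) && ctype_digit((string) $goid)) ? (int) $goid : null;

	if ($movieid === null || !is_array($upload) || !is_string($upload['name']) || $upload['error'] !== UPLOAD_ERR_OK){
		// No target movie, no file, a multi-file field, or PHP reported an
		// upload error (size limit exceeded, partial upload, ...).
		$valmes = $uploadfailed;
	}else{
		$ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
		// Warnings are suppressed so a malformed file cannot emit output
		// before the redirect header is sent.
		$imageinfo = @getimagesize($upload['tmp_name']);
		$isimage = $imageinfo !== false
			&& in_array($imageinfo[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true);

		if (in_array($ext, array('jpg', 'png', 'gif'), true) && $isimage){
			// Both interpolated values are safe here: $movieid is an int and
			// $ext is one of the three allow-listed literals.
			$newfilequery = "INSERT INTO picture(movieid, ext) VALUES({$movieid}, '{$ext}')";
			$newfileresult = @mysql_query($newfilequery);
			if ($newfileresult){
				$uid = (int) mysql_insert_id();
				$filename = $uid . "." . $ext;
				// move_uploaded_file() refuses anything that is not a genuine
				// HTTP upload, so tmp_name cannot point at an arbitrary file.
				if (move_uploaded_file($upload['tmp_name'], "pics/". $filename)){
					header("Location: addmovie.php?id=" . $movieid);
					exit();
				}else{
					$valmes = $uploadfailed;
					// NOTE(review): the row above was inserted into `picture`,
					// but this cleanup deletes from `uploads`. Confirm which
					// table is intended; as written the orphan row may remain.
					$query = "DELETE FROM uploads WHERE id=" . $uid;
					$result = @mysql_query($query);
				}
			}else{
				$valmes = $uploadfailed;
			}
		}else{
			$valmes = $badtype;
		}
	}
}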

include('top.php');
?>
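<TABLE><TR><TD>
<FORM enctype="multipart/form-data" ACTION="picture.php" method="post">
<?php
// MAX_FILE_SIZE has to be a real <INPUT> placed before the file field; the
// previous tag name was misspelled, so browsers never submitted it.
// The value is client-supplied and can be altered, so it is only a convenience
// limit; the authoritative cap is upload_max_filesize / post_max_size in
// php.ini plus the server-side checks in the upload handler.
?>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000000">
<INPUT TYPE="hidden" name="goid" id="goid" value="<?php
// Escaped for the attribute context and left empty when no id is known.
echo isset($goid) ? htmlspecialchars((string) $goid, ENT_QUOTES) : '';
?>">
<?php
// $valmes holds server-built HTML (an error message set by the upload handler),
// so it is printed as markup rather than escaped.
if (isset($valmes)){
echo $valmes . "<BR>";
}
?>
<FONT color="000000" size="-1" face="Verdana">file: <INPUT type="file" name="upload" /><BR><INPUT TYPE="SUBMIT" name="submit" id="submit" value="upload">
</FONT>
</FORM>


</TD></TR></TABLE>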
<?php
include('bot.php');
?>
